<?php

	class AKB_FORGOTPASS
	{
		/**
		* ShowForm
		* Shows the intial form for getting the username whos password needs resetting
		*
		* @return void
		*/
		function ShowForm($InvalidUser = false,$customMessage = false)
		{
			if (!$customMessage) {
				$customMessage = GetLang('UserNotFound');
			}
			
			if ($InvalidUser) {
				$GLOBALS['Message'] = MessageBox($customMessage, MSG_ERROR);
			}

			$GLOBALS['HidePanels'][] = 'ForgotpassConfirm';
			$GLOBALS['HidePanels'][] = 'ForgotpassNewpass';
			$GLOBALS['HidePanels'][] = 'ForgotpassDone';

			$GLOBALS['AKB_CLASS_TEMPLATE']->SetTemplate('forgotpass');
			$GLOBALS['AKB_CLASS_TEMPLATE']->ParseTemplate();
		}

		/**
		* SendLink
		* Send the user the link to reset their password via email
		*
		* @return void
		*/
		function SendLink()
		{
			$username = $_POST["username"];

			// Try and find the user account in the database
			$user = new API_USER();
			$user->find('username', $username);
			
			// if this is LDAP account, we don't allow them to change the password.
			if (API_LDAP::isLdapUser($user->pass)) {
					$this->ShowForm(true,sprintf(GetLang('UserIsLdapAccount'),$username));
					return;
			} elseif ($user->userid) {
				//Check for email address
				if (trim($user->email) == "") {
					$this->ShowForm(true,sprintf(GetLang('UserNoEmail'),$username));
					return;
				}
				
				$code = md5(uniqid(rand(), true));
				$user->updateField('forgotpasscode', $code);

				// Send the mail
				$link = sprintf('%s/admin/index.php?ToDo=confirmPasswordChange&userid=%d&code=%s', $GLOBALS['pathToKB'], $user->userid, $code);
				$message = sprintf(GetLang("ChangePasswordEmail"), $link);

				$email = new Email_API();
				setEmailVars($email);
				
				$email->Set('CharSet', $GLOBALS['charset']);
				$email->From($GLOBALS['contactEmail']);
				$email->Set('Subject', GetLang("ChangePasswordConfirm"));
				$email->AddBody('text', $message);
				$email->AddRecipient($user->email, '', 't');
				$email_result = $email->Send();

				$GLOBALS['HidePanels'][] = 'ForgotpassForm';
				$GLOBALS['HidePanels'][] = 'ForgotpassNewpass';
				$GLOBALS['HidePanels'][] = 'ForgotpassDone';

				$GLOBALS['AKB_CLASS_TEMPLATE']->SetTemplate('forgotpass');
				$GLOBALS['AKB_CLASS_TEMPLATE']->ParseTemplate();
			} else {
				// Invalid username
				$this->ShowForm(true);
			}
		}

		/**
		* ConfirmPasswordChange
		* Display a form for the user to enter their new password. Only display
		* the form if the userid and code match
		*
		* @return void
		*/
		function ConfirmPasswordChange()
		{
			/*
			* Since we are putting the code straight from the get string into
			* the post string we need to make sure it isn't open to XSS
			*/
			$valid_code_chars = array_merge(range('a', 'z'), range('0', '9'));

			if (strlen($_GET['code']) != 32) {
				// The string must be 32 chars long or it is wrong
				$tainted = true;
			} else {
				$tainted = false;
			}

			for ($i=0; $i < strlen($_GET['code']) && !$tainted; $i++) {
				$char = $_GET['code'][$i];
				if (!in_array($char, $valid_code_chars)) {
					$tainted = true;
				}
			}

			if ($tainted) {
				$GLOBALS['Message'] = MessageBox(GetLang('ForgotPasswordCodeProblem'), MSG_ERROR);
				$GLOBALS['HidePanels'][] = 'ForgotpassConfirm';
				$GLOBALS['HidePanels'][] = 'ForgotpassNewpass';
				$GLOBALS['HidePanels'][] = 'ForgotpassDone';

				$GLOBALS['AKB_CLASS_TEMPLATE']->SetTemplate('forgotpass');
				$GLOBALS['AKB_CLASS_TEMPLATE']->ParseTemplate();
				return;
			}

			$user = new API_USER();
			$user->load($_GET['userid']);
			
			$GLOBALS['HidePanels'][] = 'ForgotpassForm';
			$GLOBALS['HidePanels'][] = 'ForgotpassConfirm';
			$GLOBALS['HidePanels'][] = 'ForgotpassDone';

			if ($user->userid > 0 && $_GET['code'] == $user->forgotpasscode) {
				$GLOBALS['UserId'] = (int) $_GET['userid'];
				$GLOBALS['Code'] = $_GET['code'];
				$GLOBALS['Username'] = $user->username;
			} else {
				$GLOBALS['HidePanels'] = array (
					'ForgotpassForm', 'ForgotpassConfirm', 'ForgotpassDone'
				);
				$GLOBALS['Message'] = MessageBox(GetLang('ForgotPasswordCodeProblem'), MSG_ERROR);
			}

			$GLOBALS['AKB_CLASS_TEMPLATE']->SetTemplate('forgotpass');
			$GLOBALS['AKB_CLASS_TEMPLATE']->ParseTemplate();

		}

		/**
		* ResetPassword
		* Do the actual reset of the password in the database. Blank the code
		* also so that it can't be reused
		*
		* @return void
		*/
		function ResetPassword()
		{
			$user = new API_USER();
			$user->load($_POST['userid']);

			$GLOBALS['HidePanels'][] = 'ForgotpassForm';
			$GLOBALS['HidePanels'][] = 'ForgotpassNewpass';
			$GLOBALS['HidePanels'][] = 'ForgotpassConfirm';

			if ($user->userid > 0 && $_POST['code'] == $user->forgotpasscode) {
				$_POST['forgotpasscode'] = '';
				$user->save();
			} else {
				$GLOBALS['HidePanels'][] = 'ForgotpassDone';
				$GLOBALS['Message'] = MessageBox(GetLang('ForgotPasswordCodeProblem'), MSG_ERROR);
			}

			$GLOBALS['AKB_CLASS_TEMPLATE']->SetTemplate('forgotpass');
			$GLOBALS['AKB_CLASS_TEMPLATE']->ParseTemplate();

		}

	}

?>